1. Field of the Invention
This invention relates generally to computers, and, more particularly, to a method and apparatus for ensuring the secure operation of a computer system.
2. Description of the Related Art
General purpose computing systems, such as personal computers, have evolved from performing a single task to performing a multitude of tasks executed simultaneously. Systems that multitask require security and protection services to protect their operating system from user processes, and to protect the processes from each other. Without protection, a rogue program, for example, could unintentionally destroy the program code or data in the memory space belonging to the operating system or to another process.
Typically, in x86 microprocessor environments, security features have been implemented to limit the damage a rogue program can do by providing multiple privilege levels. Different types of software run at these privilege levels, and, thus, have varying access to the resources of the computing system. As illustrated in FIG. 1, the operating system of the computer typically runs at the highest privilege level (i.e., level 0, commonly called ring 0), which generally permits the operating system free access to virtually any of the system resources of the computer system. Software drivers are also permitted to run at the highest privilege level, and so enjoy the same unrestricted access. Application programs, on the other hand, typically run at the lowest privilege level (i.e., level 3, or ring 3), and are generally permitted access to the system resources only by the permission of, and through services provided by, the operating system. Thus, at least theoretically, the operating system prevents one application program from accessing the system resources assigned to another application program. For example, the operating system assigns each application program a region of memory, and the program is generally free to read and write only within that assigned region; the processor's memory-management hardware enforces these assignments on every access. That is, the operating system normally prevents one application program from modifying the contents of a portion of memory that has been assigned to another application program.
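The following added example (not part of the patent; the function names and the POSIX assumptions are ours) makes the memory-protection point above concrete on a current x86 Linux or similar POSIX system: a ring-3 process asks the operating system for a page, then asks it to revoke access with mprotect(2); the next access is trapped by the processor and reported to the process as SIGSEGV (or SIGBUS on some systems) instead of being allowed to complete. The same hardware check is what stops one process from touching pages the operating system has assigned to another.

```c
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Added example, not from the patent. Assumes a POSIX system with mmap(2),
 * mprotect(2) and synchronous SIGSEGV/SIGBUS delivery on a protection fault. */

static sigjmp_buf fault_env;
static volatile sig_atomic_t fault_seen;

/* The processor traps the bad access; the kernel turns the trap into a signal,
 * and we unwind back to the probe site instead of letting the process die. */
static void on_fault(int sig) {
    (void)sig;
    fault_seen = 1;
    siglongjmp(fault_env, 1);
}

/* Try to read one byte at p. Returns 1 if the access faulted, 0 if it succeeded. */
static int access_faults(volatile unsigned char *p) {
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = SA_NODEFER;            /* the signal stays unblocked after siglongjmp */
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    fault_seen = 0;
    if (sigsetjmp(fault_env, 1) == 0) {
        volatile unsigned char sink = *p; /* the probe: completes, or traps to the kernel */
        (void)sink;
    }
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    return fault_seen;
}

/* Walks a page through readable -> inaccessible -> readable and checks that the
 * hardware honours each setting. Returns 0 on success, -1 on a syscall failure,
 * 1 if the observed behaviour does not match the protection the OS was asked for. */
int demo_page_protection(void) {
    long pagesz = sysconf(_SC_PAGESIZE);
    unsigned char *page = mmap(NULL, (size_t)pagesz, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED) return -1;
    page[0] = 0x42;

    int readable_before = access_faults(page);        /* expect 0: access allowed */
    if (mprotect(page, (size_t)pagesz, PROT_NONE) != 0) return -1;
    int blocked = access_faults(page);                /* expect 1: OS revoked access */
    if (mprotect(page, (size_t)pagesz, PROT_READ) != 0) return -1;
    int readable_after = access_faults(page);         /* expect 0: access restored */

    munmap(page, (size_t)pagesz);
    return (readable_before == 0 && blocked == 1 && readable_after == 0) ? 0 : 1;
}

int main(void) {
    int rc = demo_page_protection();
    printf("page protection demo: %s\n",
           rc == 0 ? "hardware blocked the revoked access" : "unexpected result");
    return rc;
}
```

Note that the process never asks the hardware directly: it asks the kernel (ring 0) to change the page's permissions, and the kernel updates the page tables that the processor consults on every access. A bug in ring-0 code that lets an attacker alter those page tables, or map another process's pages into its own address space, bypasses this check entirely, which is the failure mode the next paragraphs describe.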
Security defects and bugs, however, have inevitably found their way into the operating system and drivers. Accordingly, it is possible that rogue programs or drivers could accidentally or intentionally use these defects and bugs to gain access to portions of memory from which they were intended to be excluded. Once a program or driver has access to otherwise protected memory, it can impede or even take over operation of the targeted software, including any peripheral devices associated therewith. For example, the operation of a modem in a data processor could be subverted by a rogue program that gains access to the memory space of the application program or driver originally associated with the modem. The rogue program could then instruct the modem to place unauthorized and undesirable calls over a telephone network, or to otherwise interfere with the proper operation of the telephone network.
The most recent version of Microsoft's Windows® operating system, Windows 2000®, now has over one million lines of code in its kernel and associated kernel-mode drivers. Thus, more than one million lines of code run at the highest privilege level with generally free access to the system resources. Accordingly, owing to the sheer size of the operating system, additional defects and bugs will inevitably be uncovered, and rogue programs may very well continue to exploit yet-to-be-discovered security defects and bugs to accidentally or intentionally gain access to portions of memory from which they were intended to be shielded.
The present invention is directed to overcoming, or at least reducing the effects of, one or more of the problems set forth above.